class LoginController < ApplicationController
  before_filter :authorize, :except => :login

  def add_user
    if request.get?
      @user = User.new
    else
      @user = User.new(params[:user])
      if @user.save
	redirect_to_index("User #{@user.name} created")
      end
    end
  end

  def login
    if request.get?
      session[:user_id] = nil
      @user = User.new
    else
      @user = User.new(params[:user])
      logged_in_user = @user.try_to_login
      if logged_in_user
	session[:user_id] = logged_in_user.id
	jumpto=session[:jumpto] || {:action=>"index"}
	session[:jumpto]=nil
	redirect_to jumpto
      else
	flash[:notice] = "Invalid user/password combination"
      end
    end
  end

  def logout
    session[:user_id] = nil
    flash[:notice] = "Logged out"
    redirect_to :action=>"login"
  end

  def delete_user
  end

  def list_users
  end

  def index
    @total_orders = Order.count
    @pending_orders = Order.count_pending
  end

  private
  def redirect_to_index(msg)
    flash[:notice] = msg if msg
    redirect_to :action=>"index"
  end
end
